On Thu, 24 Apr 2014, Damien Miller wrote: > On Wed, 23 Apr 2014, Damien Miller wrote: > > > A simple way out of this would be adding "Match exec" support to sshd_config > > like ssh_config got in the last couple of releases. Anyone want to do this? > > like this: > > Index: servconf.c ... and applied using: Match exec "/path/to/wrapssh '%h' '%a' '%l' '%A'" MaxAuthTries 0 with a helper as simple as: (btw, I'd accept a fleshed-out version of this for contrib/ if anyone wants to do the work) #include <syslog.h> #include <tcpd.h> int main(int argc, char **argv) { struct request_info req; openlog("sshd-tcpwrap", LOG_NDELAY|LOG_PERROR|LOG_PID, LOG_AUTH); /* Client host, client address, server host, server address */ if (argc != 5) { syslog(LOG_ERR, "expected 4 arguments, got %d", argc - 1); return 2; } request_init(&req, RQ_DAEMON, "sshd", RQ_CLIENT_NAME, argv[1], RQ_CLIENT_ADDR, argv[2], RQ_SERVER_NAME, argv[3], RQ_SERVER_ADDR, argv[4], 0); if (!hosts_access(&req)) { syslog(LOG_ERR, "tcpwrappers refused connection"); return 1; } return 0; } _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev